package cc.ucanuup.config.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 文件名： com.bozhon.config.sercurity.WebSecurityConfig.java
 * 作者：   WenBin
 * 日期：   2018年2月3日
 * 功能说明： OLD ONE
 *
 * =========================================================
 * 修改记录：
 * 修改作者    日期      修改内容
 *
 *
 * =========================================================
 *  Copyright (c) 2010-2011 .All rights reserved.
 */
@Configuration
@EnableWebSecurity //启用web权限
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法验证
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private CustomAuthenticationProvider customAuthenticationProvider;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
		/*		.antMatchers(StaticParams.PATHREGX.NOAUTH,
				StaticParams.PATHREGX.CSS,StaticParams.PATHREGX.JS,StaticParams.PATHREGX.IMG).permitAll()//无需访问权限

		.antMatchers(StaticParams.PATHREGX.AUTHADMIN).hasAuthority(StaticParams.USERROLE.ROLE_ADMIN)//admin角色访问权限

		.antMatchers(StaticParams.PATHREGX.AUTHUSER).hasAuthority(StaticParams.USERROLE.ROLE_USER)//user角色访问权限
		 */
		.anyRequest()//all others request authentication
		.authenticated()
		.and()
		.authorizeRequests()
		.antMatchers("/","/srmlogin", "/login-error", "/index")
		.permitAll()
		.and()
		.addFilterBefore(myValidCodeProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
		// 配置登录页面的表单 action 必须是 '/login', 用户名和密码的参数名必须是 'username' 和 'password'，
		// 登录失败的 url 是 '/login-error'
		.formLogin().loginPage("/login")
		.loginProcessingUrl("/login")
		.defaultSuccessUrl("/")
		.usernameParameter("username")
		.passwordParameter("password")
		.failureUrl("/login").permitAll()
		.and()
		.logout().logoutSuccessUrl("/login").permitAll();

		http.csrf().disable().headers().frameOptions().sameOrigin();;


	}

	@Bean
	public MyLoginFilter myValidCodeProcessingFilter() {
		MyLoginFilter filter = new MyLoginFilter();
		return filter;
	}
	/**
	 * Configure global.
	 *
	 * @param auth the auth
	 * @throws Exception the exception
	 */
	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// 使用自定义的 Authentication Provider
		auth.authenticationProvider(customAuthenticationProvider);
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		//解决静态资源被拦截的问题
		web.ignoring().antMatchers("/static/**");
		web.ignoring().antMatchers("/srmlogin/**");
		web.ignoring().antMatchers("/authImage/**");
		web.ignoring().antMatchers("/out/**");
	}
}
